我的Windows Active Directory服务器上安装了Kerberos,但无法连接到UNIX中的KAdmin。
我能够在Windows中创build用户和委托人,将keytabs导出到远程linux服务器,然后成功地将kinit导出。
不过,我想确保keytabs的maxrenewlife和allow_renewable设置,因为我不认为我的keytabs正在更新成功。
1)如何在Windows AD机器上设置这些属性?
我相信这可以通过kadmin界面来完成,但我无法连接到它。
root@dagobah:# kadmin -p pele/[email protected] Authenticating as principal kadmin/[email protected] with password. Password for kadmin/[email protected]: Password for kadmin/[email protected]: kadmin: Database error! Required KADM5 principal missing while initializing kadmin interface
所以下面这个post – https://security.stackexchange.com/questions/7698/kadmin-problem-client-not-found-in-kerberos-database-while-initializing-kadmin – 我创build了kadmin / dagobah&kadmin /pipe理员委托人并重试:
root@dagobah:/etc/security/keytabs# kinit kadmin Password for [email protected]: root@dagobah:/etc/security/keytabs# kadmin Authenticating as principal kadmin/[email protected] with password. Password for kadmin/[email protected]: Password for kadmin/[email protected]: kadmin: Communication failure with server while initializing kadmin interface
2)我如何连接到Kadmin?